I figured I would post another question that I have been stumped on. I have a packet capture of an SSL VPN session. The SSL VPN is basically a slightly modified implementation of OpenVPN over TCP.

I am working in Wireshark to try to dissect and decode the captured data. I have the private key files used for the key exchange. I am working now to retrieve the session key (which seems to change every few KB). I am just missing a dissector for OpenVPN. It looks like the Wireshark team has had requests for one. Has anyone successfully been able to decode OpenVPN traffic in Wireshark?

I just wanted to let you know that the packet-openvpn.c is already in the svn tree. I was able to compile Wireshark in Linux (haven't tried on Windows). I was able to detect and dissect the OpenVPN packets in my capture without many issues. I love that you provided an option to change the port assignments for the protocol, since mine runs over a non-standard TCP port.

My only issue is that some of the SSL / TLS key negotiation gets lost. That's easily remedied by switching the decoding to SSL though.
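Added example, not part of the original posts and not code from Wireshark's packet-openvpn.c: a sketch of the first step in dissecting OpenVPN over TCP, splitting a reassembled stream into records and reading the opcode and key_id from each. It assumes the standard OpenVPN framing (16-bit big-endian length prefix, then one byte with the opcode in the high 5 bits and key_id in the low 3 bits); the modified implementation in the capture may differ, and the sample bytes and the helper `rec` are constructed for illustration.

```python
import struct

# Opcode values from the standard OpenVPN protocol (assumed unmodified here).
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
}

def split_records(stream: bytes):
    """Split a reassembled TCP byte stream into OpenVPN records.

    Returns (records, leftover); leftover holds the bytes of a record
    that is not complete yet (it continues in a later TCP segment).
    """
    records, pos = [], 0
    while len(stream) - pos >= 2:
        (length,) = struct.unpack_from("!H", stream, pos)
        if length == 0:
            raise ValueError(f"zero-length record at offset {pos}")
        if len(stream) - pos - 2 < length:
            break  # incomplete record, wait for more data
        first = stream[pos + 2]
        opcode = first >> 3
        records.append({
            "offset": pos,
            "opcode": OPCODES.get(opcode, f"UNKNOWN_{opcode}"),
            "key_id": first & 0x07,  # which key generation the record uses
            "body": stream[pos + 3 : pos + 2 + length],
        })
        pos += 2 + length
    return records, stream[pos:]

def rec(opcode: int, key_id: int, body: bytes = b"") -> bytes:
    """Hypothetical helper: build one framed record for the sample below."""
    payload = bytes([(opcode << 3) | key_id]) + body
    return struct.pack("!H", len(payload)) + payload

# Constructed sample: reset, control, two data records under different
# key_ids, then the first 3 bytes of a record cut off by segmentation.
SAMPLE = (rec(7, 0, b"\x11" * 8) + rec(4, 0, b"\x22" * 3) +
          rec(6, 0, b"\xaa" * 4) + rec(6, 1, b"\xbb" * 4) + b"\x00\x10\x30")

if __name__ == "__main__":
    records, leftover = split_records(SAMPLE)
    for r in records:
        print(r["offset"], r["opcode"], "key_id", r["key_id"], len(r["body"]))
    print("leftover bytes:", len(leftover))
```
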